m3rx
Ransomware group profile
Description
m3rx is a newly identified ransomware group that emerged in late April 2026, recognized for its rapid operational activity and deployment of a Go-based encryptor. It utilizes a double extortion model, encrypting files and threatening to release stolen data if ransom payments are not made.
Key insights
- Employs a double extortion model, combining data encryption with the threat of publicly releasing stolen data.
- Utilizes a Go-based PE32+ x64 encryptor that renames files with a .8hmlsewu extension.
- Demands payment in Bitcoin after negotiation, using the threat of sensitive data exposure to pressure victims.
- Erases its own traces by deleting itself through PowerShell after execution.
- Targets diverse sectors and countries, impacting organizations globally.
Intelligence
IOCs, YARA/Sigma rules, and related families for m3rx
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for m3rx
- T1486
- T1490
- T1071.001
- T1041
- T1562
- T1080
- T1059
- T1021.001
- T1547
- T1027
Victims (20)
| Company | Domain | Country | Industry | Status | Discovered |
|---|---|---|---|---|---|
| jichasa.com | jichasa.com | MX Mexico | Transportation | Claimed | 7 days ago |
| dosocho.es | dosocho.es | ES Spain | Retail & E-Commerce | Claimed | 17 days ago |
| soft-inc.com | soft-inc.com | JP Japan | Technology | Claimed | 17 days ago |
| psbsementi.it | — | IT Italy | Other | Unknown | 17 days ago |
| grupo55.com | grupo55.com | ES Spain | Financial Services | Claimed | 17 days ago |
| pvdd.ca | pvdd.ca | CA Canada | Government & Defense | Claimed | 28 days ago |
| datasavior.com | datasavior.com | US United States | Technology | Claimed | 28 days ago |
| kbtoys.com.au | kbtoys.com.au | AU Australia | Retail & E-Commerce | Claimed | 28 days ago |
| alge-stop.dk | alge-stop.dk | DK Denmark | Retail & E-Commerce | Claimed | 28 days ago |
| emtco.com | emtco.com | US United States | Manufacturing | Claimed | about 1 month ago |
| it-freitag.de | it-freitag.de | DE Germany | Technology | Claimed | about 1 month ago |
| manateeair.com | manateeair.com | US United States | Transportation | Claimed | about 1 month ago |
| dmschweiz.ch | dmschweiz.ch | CH Switzerland | Technology | Claimed | about 1 month ago |
| anvilarts.org.uk | anvilarts.org.uk | GB United Kingdom | Hospitality | Claimed | about 1 month ago |
| primeproperties.com.au | primeproperties.com.au | AU Australia | Retail & E-Commerce | Claimed | about 1 month ago |
| airdriephysio.com | airdriephysio.com | CA Canada | Healthcare | Claimed | about 1 month ago |
| rainforestclean.com | rainforestclean.com | US United States | Hospitality | Claimed | about 1 month ago |
| rotak.it | rotak.it | IT Italy | Manufacturing | Claimed | about 1 month ago |
| osoftec.com | — | IN India | Technology | Unknown | about 1 month ago |
| boxtopia.co.uk | — | GB United Kingdom | Retail & E-Commerce | Unknown | about 1 month ago |
Affected countries (13)
Countries where this group has been reported to target or leak victims.